If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Google adsense banners...

Hi Everyone, its been a while since I have posted here, but I need you to help me settle an argument. Since I am fairly sure I am right, and it seems to me a no brainer, I am posting it here in the newbie forum.

User: Everyone who visits the url **********MODERATOR EDIT: CLICK AT YOUR OWN RISK: www.ffxiah.com *********** is having a trojan/keylogger uploaded to their computer and allowing the "cracker" to steal their passwords and account information to their game accounts.

Me: I find that a bit hard to swallow, can you prove this?

User: Everyone I know has visited this site and who have had their accounts hacked all have the same program on it, a trojan that installs a keylogger.

Me: and they did not click the google ad links.

User no

Is there a way for this to happen? Could he be right? Can one of our experts visit this site and find out if there is anything to what he is alleging. I understand this is a very serious accusation. I trust google's ads myself, like I said I find this hard to swallow.

Firstly. Remove the URL. As a n00bie might click the link and infect there own computer.

Secondly get the owner to check the logs to the site, It would seem that someone has gained Admin access to the server and has edited the DB and the index.php from what i can see.

The attacker is using nice looking xss attack. {Cross site scripting}.

The registered user logs in using the log in area, they enter there details into the infected area, thus the credentials are being sent to a remote server and the attacker gets the users login details and can do what they wish.

Also get the Admin to check the Google ad codes with the code that he/she was given from Google Adsense.

The attacker could also have modified the ad's to use a simple javascript to download a trojan or dropper if the xss did not work.

Do the usual checking server logs for strange activity. Check file permissions, Also check and double check as you don't know if the attacker has changed/edited other files just incase the most noticable ones get removed.

And if still in doubt, and are able to pin point where the strangeness started to happen then use a back up prior to that happening and fix the hole.